<?php
// Load the project configuration (presumably where HOST/USER/PASS/DATABASE and
// the helper functions used below are defined - confirm), then open the DB link.
include 'include/conf.php';
$id_connect = connect_to_database(HOST, USER, PASS, DATABASE);
if(logged("client")){
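  // Resolve the client name that owns the session token sent in the request.
  $sesiune = mysql_real_escape_string(isset($_POST['sesiune']) ? $_POST['sesiune'] : '');
  $value = false;
  if($sesiune !== ''){
    // An empty token is never looked up: it could otherwise match rows whose
    // sesiune column is blank.
    $str = "SELECT nume FROM clienti WHERE sesiune = '$sesiune'";
    $result = mysql_query($str,$id_connect);
    $value = $result ? mysql_fetch_assoc($result) : false;
  }
  if(!$value){
    // No client row for this token: fail closed with the same code the script
    // uses for "not logged in" instead of running every query with an empty name.
    send_error_xml(2);
    exit;
  }
  // $nume is interpolated into every SQL statement below, so it is escaped here
  // once. Without this a stored name containing a quote becomes a second-order
  // SQL injection. NOTE(review): the escaped form is also what reaches
  // send_mail_to_admin(); names with quotes/backslashes will show the escapes.
  $nume = mysql_real_escape_string($value['nume']);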
  //scoate tipul de operatiune
  if(isset($_POST['op'])){
    $op = $_POST['op'];
//######################################################################
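    if($op=="get_marca"){
      // XML expected: the brand list used to populate the combo box.
      $str = "SELECT marca from marca ORDER BY marca ASC";
      $result = mysql_query($str,$id_connect);
      $continut = "";
      // A failed query yields an empty list instead of warnings on a false result.
      while($result && ($value=mysql_fetch_assoc($result))){
        // Escape the value for an XML attribute so a stored quote, '<' or '&'
        // cannot break or extend the markup. 'ISO-8859-1' keeps the call
        // byte-transparent: only & < > " ' are rewritten, whatever the column encoding.
        $continut .= "<row label=\"".htmlspecialchars($value['marca'], ENT_QUOTES, 'ISO-8859-1')."\" />";
      }
      // Send the packet back to the client.
      build_xml_packet(9,$continut);
    }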
//#########################################################################
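  if($op=="get_model"){
      // XML expected: the models available for the requested brand.
      $marca = mysql_real_escape_string(isset($_POST['marca']) ? $_POST['marca'] : '');
      $str = "SELECT model FROM model WHERE marca='$marca' ORDER BY model ASC";
      $result = mysql_query($str,$id_connect);
      $continut = "";
      // A failed query yields an empty list instead of warnings on a false result.
      while($result && ($value=mysql_fetch_assoc($result))){
        // Escape for an XML attribute; 'ISO-8859-1' makes the escaping
        // byte-transparent (only & < > " ' change).
        $continut .= "<row label=\"".htmlspecialchars($value['model'], ENT_QUOTES, 'ISO-8859-1')."\" />";
      }
      // Send the packet back to the client.
      build_xml_packet(9,$continut);
  }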
//#########################################################################
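  if($op=="get_companie_credit"){
      // XML expected: the companies that have a credit entry for brand + model.
      $model = mysql_real_escape_string(isset($_POST['model']) ? $_POST['model'] : '');
      $marca = mysql_real_escape_string(isset($_POST['marca']) ? $_POST['marca'] : '');
      $str = "SELECT companie FROM credit WHERE marca='$marca' AND model='$model' ORDER BY companie ASC";
      $result = mysql_query($str,$id_connect);
      $continut = "";
      // A failed query yields an empty list instead of warnings on a false result.
      while($result && ($value=mysql_fetch_assoc($result))){
        // Escape for an XML attribute; 'ISO-8859-1' makes the escaping
        // byte-transparent (only & < > " ' change).
        $continut .= "<row label=\"".htmlspecialchars($value['companie'], ENT_QUOTES, 'ISO-8859-1')."\" />";
      }
      // Send the packet back to the client.
      build_xml_packet(9,$continut);
  }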
//#########################################################################
  if($op=="get_pret"){
      // String expected: the price this client pays for brand/model/company.
      $companie = mysql_real_escape_string($_POST['companie']);
      $model = mysql_real_escape_string($_POST['model']);
      $marca = mysql_real_escape_string($_POST['marca']);
      $str = "SELECT cost FROM credit_clienti WHERE nume='$nume' AND marca='$marca' AND model='$model' AND companie='$companie'";
      $result = mysql_query($str,$id_connect);
      $num = mysql_num_rows($result);
      if($num != 1){
        // Either no matching price row or more than one.
        send_error_xml(11);
      }else{
        $value = mysql_fetch_assoc($result);
        $cost = $value['cost'];
        // The payload carries the price as the "cost" attribute of a single row.
        $continut = '<row cost="'.$cost.'" />';
        build_xml_packet(9,$continut);
      }
  }
//#########################################################################
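  if($op=="get_imei_list"){
      // XML expected: the 50 most recent rows of `coduri` for the logged-in client.
      $str = "SELECT * FROM coduri WHERE nume='$nume' ORDER BY data_in DESC LIMIT 50";
      $result = mysql_query($str,$id_connect);
      $num = $result ? mysql_num_rows($result) : 0;
      $continut = "";
      $count = 0;
      while($result && ($value=mysql_fetch_assoc($result))){
        $count++;
        $data_in = date("d-M-y H:i", $value['data_in']);
        // data_out may be stored empty; the attribute is then sent empty too.
        $data_out = ($value['data_out'] != "") ? date("d-M-y H:i", $value['data_out']) : "";
        $attrs = array(
          'no' => $count,
          'marca' => $value['marca'],
          'model' => $value['model'],
          'companie' => $value['companie'],
          'imei' => $value['imei'],
          'unlock' => $value['unlock_code'],
          'data_in' => $data_in,
          'data_out' => $data_out,
          'cost' => $value['cost'],
        );
        // Build the row; every value is escaped for an XML attribute so stored
        // text cannot break or extend the markup. 'ISO-8859-1' keeps the
        // escaping byte-transparent (only & < > " ' change).
        $continut .= "<row";
        foreach($attrs as $attr_name => $attr_value){
          $continut .= " ".$attr_name."=\"".htmlspecialchars($attr_value, ENT_QUOTES, 'ISO-8859-1')."\"";
        }
        $continut .= " />";
      }
      build_xml_packet(9,$continut,$num);
  }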
//#########################################################################
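  if($op=="get_imei_list_vechi"){
      // XML expected: the 50 most recent IMEI rows from the "imeiserver"
      // database. $id_connect is re-pointed at that database for this request.
      $id_connect = connect_to_database(HOST, USER, PASS, "imeiserver");
      $str = "SELECT imei.imei, imei.unlock_code, imei.formated_imei_type, imei.data_in, imei.data_out FROM clienti, imei WHERE clienti.nume='$nume' AND clienti.id=imei.user_id ORDER BY data_in DESC LIMIT 50";
      $result = mysql_query($str,$id_connect);
      $num = $result ? mysql_num_rows($result) : 0;
      $continut = "";
      $count = 0;
      while($result && ($value=mysql_fetch_assoc($result))){
        $count++;
        $data_in = date("d-M-y H:i", $value['data_in']);
        // data_out may be stored empty; the attribute is then sent empty too.
        $data_out = ($value['data_out'] != "") ? date("d-M-y H:i", $value['data_out']) : "";
        $attrs = array(
          'no' => $count,
          'imei' => $value['imei'],
          'unlock' => $value['unlock_code'],
          'tipo' => $value['formated_imei_type'],
          'data_in' => $data_in,
          'data_out' => $data_out,
        );
        // Build the row; every value is escaped for an XML attribute so stored
        // text cannot break or extend the markup. 'ISO-8859-1' keeps the
        // escaping byte-transparent (only & < > " ' change).
        $continut .= "<row";
        foreach($attrs as $attr_name => $attr_value){
          $continut .= " ".$attr_name."=\"".htmlspecialchars($attr_value, ENT_QUOTES, 'ISO-8859-1')."\"";
        }
        $continut .= " />";
      }
      build_xml_packet(9,$continut,$num);
  }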
//#########################################################################
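  if($op=="get_imei_search"){
      // XML expected: up to 50 of the client's rows whose IMEI contains the search text.
      $imei_raw = isset($_POST['imei']) ? (string)$_POST['imei'] : '';
      // mysql_real_escape_string() does not neutralise the LIKE wildcards, so
      // % and _ (and the LIKE escape character itself) are escaped first;
      // otherwise the search text is interpreted as a pattern.
      $imei_like = str_replace(array('\\', '%', '_'), array('\\\\', '\\%', '\\_'), $imei_raw);
      $imei = mysql_real_escape_string($imei_like);
      $str = "SELECT * FROM coduri WHERE imei LIKE '%$imei%' and nume='$nume' ORDER BY data_in DESC LIMIT 50";
      $result = mysql_query($str,$id_connect);
      $num = $result ? mysql_num_rows($result) : 0;
      $continut = "";
      $count = 0;
      while($result && ($value=mysql_fetch_assoc($result))){
        $count++;
        $data_in = date("d-M-y H:i", $value['data_in']);
        // data_out may be stored empty; the attribute is then sent empty too.
        $data_out = ($value['data_out'] != "") ? date("d-M-y H:i", $value['data_out']) : "";
        $attrs = array(
          'no' => $count,
          'marca' => $value['marca'],
          'model' => $value['model'],
          'companie' => $value['companie'],
          'imei' => $value['imei'],
          'unlock' => $value['unlock_code'],
          'data_in' => $data_in,
          'data_out' => $data_out,
          'cost' => $value['cost'],
        );
        // Build the row; every value is escaped for an XML attribute so stored
        // text cannot break or extend the markup. 'ISO-8859-1' keeps the
        // escaping byte-transparent (only & < > " ' change).
        $continut .= "<row";
        foreach($attrs as $attr_name => $attr_value){
          $continut .= " ".$attr_name."=\"".htmlspecialchars($attr_value, ENT_QUOTES, 'ISO-8859-1')."\"";
        }
        $continut .= " />";
      }
      build_xml_packet(9,$continut,$num);
  }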
//#########################################################################
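  if($op=="get_imei_search_vechi"){
      // XML expected: IMEI search against the "imeiserver" database.
      // $id_connect is re-pointed at that database for this request.
      $id_connect = connect_to_database(HOST, USER, PASS, "imeiserver");
      $imei_raw = isset($_POST['imei']) ? (string)$_POST['imei'] : '';
      // mysql_real_escape_string() does not neutralise the LIKE wildcards, so
      // % and _ (and the LIKE escape character itself) are escaped first;
      // otherwise the search text is interpreted as a pattern.
      $imei_like = str_replace(array('\\', '%', '_'), array('\\\\', '\\%', '\\_'), $imei_raw);
      $imei = mysql_real_escape_string($imei_like);
      $str = "SELECT imei.imei, imei.unlock_code, imei.formated_imei_type, imei.data_in, imei.data_out FROM clienti, imei WHERE clienti.nume='$nume' AND clienti.id=imei.user_id AND imei.imei LIKE '%$imei%' ORDER BY data_in DESC LIMIT 50";
      $result = mysql_query($str,$id_connect);
      $num = $result ? mysql_num_rows($result) : 0;
      $continut = "";
      $count = 0;
      while($result && ($value=mysql_fetch_assoc($result))){
        $count++;
        $data_in = date("d-M-y H:i", $value['data_in']);
        // data_out may be stored empty; the attribute is then sent empty too.
        $data_out = ($value['data_out'] != "") ? date("d-M-y H:i", $value['data_out']) : "";
        $attrs = array(
          'no' => $count,
          'imei' => $value['imei'],
          'unlock' => $value['unlock_code'],
          'tipo' => $value['formated_imei_type'],
          'data_in' => $data_in,
          'data_out' => $data_out,
        );
        // Build the row; every value is escaped for an XML attribute so stored
        // text cannot break or extend the markup. 'ISO-8859-1' keeps the
        // escaping byte-transparent (only & < > " ' change).
        $continut .= "<row";
        foreach($attrs as $attr_name => $attr_value){
          $continut .= " ".$attr_name."=\"".htmlspecialchars($attr_value, ENT_QUOTES, 'ISO-8859-1')."\"";
        }
        $continut .= " />";
      }
      build_xml_packet(9,$continut,$num);
  }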
//#########################################################################
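  if($op=="get_personal_info"){
      // XML expected: the logged-in client's profile and credit counters.
      $str = "SELECT * FROM clienti WHERE nume='$nume'";
      $result = mysql_query($str,$id_connect);
      $num = $result ? mysql_num_rows($result) : 0;
      if($num != 1){
        send_error_xml(11);
      }else{
        // The success packet is built only on this branch, so no profile data
        // is emitted after an error even if send_error_xml() returns.
        $value = mysql_fetch_assoc($result);
        // NOTE(review): `parola` is sent back verbatim, which implies the
        // password is stored recoverably. Prefer storing a salted password
        // hash and dropping this attribute once the client no longer needs it.
        $attrs = array(
          'parola' => $value['parola'],
          'mail' => $value['mail'],
          'phone' => $value['phone'],
          'total' => $value['cr_total'],
          'ramas' => $value['cr_ramas'],
          'consumat' => $value['cr_consumat'],
        );
        // parola/mail/phone are client-supplied (see update_client_data), so
        // each value is escaped for an XML attribute. 'ISO-8859-1' keeps the
        // escaping byte-transparent (only & < > " ' change).
        $continut = "<row";
        foreach($attrs as $attr_name => $attr_value){
          $continut .= " ".$attr_name."=\"".htmlspecialchars($attr_value, ENT_QUOTES, 'ISO-8859-1')."\"";
        }
        $continut .= " />";
        build_xml_packet(9,$continut);
      }
  }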
//########################################################################
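    if($op=="get_credit_list"){
      // XML returned for display: the client's price list per brand/model/company.
      $continut = "";
      $count = 0;
      $str = "SELECT marca, model, companie, cost FROM credit_clienti WHERE nume='$nume'";
      $result = mysql_query($str,$id_connect);
      // A failed query yields an empty list instead of warnings on a false result.
      while($result && ($value=mysql_fetch_assoc($result))){
        $count++;
        $attrs = array(
          'no' => $count,
          'marca' => $value['marca'],
          'model' => $value['model'],
          'companie' => $value['companie'],
          'cost' => $value['cost'],
        );
        // Escape every value for an XML attribute; 'ISO-8859-1' keeps the
        // escaping byte-transparent (only & < > " ' change).
        $continut .= "<row";
        foreach($attrs as $attr_name => $attr_value){
          $continut .= " ".$attr_name."=\"".htmlspecialchars($attr_value, ENT_QUOTES, 'ISO-8859-1')."\"";
        }
        $continut .= " />";
      }
      build_xml_packet(9,$continut);
    }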
//########################################################################
    if($op=="get_credit_client"){
      // XML returned for display: only the remaining credit is sent, although
      // the query also selects the total and consumed counters.
      $str = "SELECT cr_total, cr_ramas, cr_consumat FROM clienti WHERE nume='$nume'";
      $result = mysql_query($str,$id_connect);
      $value = mysql_fetch_assoc($result);
      $ramas = $value['cr_ramas'];
      $continut = '<row ramas="'.$ramas.'" />';
      build_xml_packet(9,$continut);
    }
//#########################################################################
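    if($op=="get_plati"){
      // XML expected: the client's 50 most recent payments.
      $str = "SELECT * FROM plati WHERE nume='$nume' ORDER BY data_plata DESC LIMIT 50";
      $result = mysql_query($str,$id_connect);
      $continut = "";
      $count = 0;
      // A failed query yields an empty list instead of warnings on a false result.
      while($result && ($value=mysql_fetch_assoc($result))){
        $count++;
        $data_plata = date("d-M-y H:i", $value['data_plata']);
        $attrs = array(
          'no' => $count,
          'nume' => $value['nume'],
          'comentariu' => $value['comentariu'],
          'suma' => $value['suma'],
          'data' => $data_plata,
        );
        // Free-text columns such as comentariu go into attributes, so every
        // value is escaped for XML. 'ISO-8859-1' keeps the escaping
        // byte-transparent (only & < > " ' change).
        $continut .= "<row";
        foreach($attrs as $attr_name => $attr_value){
          $continut .= " ".$attr_name."=\"".htmlspecialchars($attr_value, ENT_QUOTES, 'ISO-8859-1')."\"";
        }
        $continut .= " />";
      }
      build_xml_packet(9,$continut);
    }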
//#########################################################################
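  if($op=="insert_imei"){
      // String expected. Registers a new IMEI order for the logged-in client
      // and debits the price from the client's remaining credit.
      //
      // Every terminal response below is followed by exit, so the handler
      // never continues into the debit/insert if send_error_xml() or
      // build_xml_packet() happen to return. (If they already terminate the
      // script, the exit is a no-op.)
      $marca = mysql_real_escape_string(isset($_POST['marca']) ? $_POST['marca'] : '');
      $model = mysql_real_escape_string(isset($_POST['model']) ? $_POST['model'] : '');
      $companie = mysql_real_escape_string(isset($_POST['companie']) ? $_POST['companie'] : '');
      $imei = isset($_POST['imei']) ? (string)$_POST['imei'] : '';
      // An IMEI is exactly 15 decimal digits. is_numeric() also accepts signs,
      // decimal points, exponents and surrounding whitespace, so the format is
      // matched explicitly. After this check $imei is digits only and is safe
      // to interpolate into SQL and XML.
      if(!preg_match('/^[0-9]{15}$/D', $imei)){
        send_error_xml(21);
        exit;
      }
      // Check that this credit type is registered for the client and read its price.
      $str = "SELECT cost from credit_clienti WHERE nume='$nume' AND marca='$marca' AND model='$model' AND companie='$companie'";
      $result = mysql_query($str,$id_connect);
      if(!$result || mysql_num_rows($result) != 1){
        send_error_xml(20);
        exit;
      }
      $value = mysql_fetch_assoc($result);
      $cost = $value['cost'];
      // The price must be a positive number (not 0, negative or text).
      if(!is_numeric($cost)||($cost<=0)){
        send_error_xml(16);
        exit;
      }
      // Early credit check, only to answer quickly; the binding check is the
      // conditional UPDATE further down.
      $str = "SELECT cr_ramas from clienti WHERE nume='$nume'";
      $result = mysql_query($str,$id_connect);
      $value = $result ? mysql_fetch_assoc($result) : false;
      $cr_ramas = $value ? $value['cr_ramas'] : 0;
      if($cr_ramas < $cost){
        send_error_xml(12);
        exit;
      }
      // If the IMEI is already on file, return the stored row without charging.
      // NOTE(review): this lookup is not restricted to the caller's own rows,
      // so the unlock code of an IMEI ordered by another client is returned
      // for free - confirm that this is intended.
      // NOTE(review): check-then-insert is not atomic; a UNIQUE index on
      // coduri.imei is needed to rule out duplicates from concurrent requests.
      $str = "SELECT imei,unlock_code from coduri WHERE imei='$imei'";
      $result = mysql_query($str, $id_connect);
      if($result && mysql_num_rows($result) != 0){
        $value = mysql_fetch_assoc($result);
        $unlock = htmlspecialchars($value['unlock_code'], ENT_QUOTES, 'ISO-8859-1');
        $continut = "<row imei_exist=\"1\" imei=\"$imei\" unlock=\"$unlock\" />";
        build_xml_packet(9,$continut);
        exit;
      }
      // Debit the credit. The balance condition is part of the UPDATE itself,
      // so two concurrent requests cannot both spend the same credit.
      $str = "UPDATE clienti SET cr_consumat=cr_consumat+$cost, cr_ramas=cr_ramas-$cost WHERE nume='$nume' AND cr_ramas>=$cost";
      mysql_query($str,$id_connect);
      if(mysql_affected_rows($id_connect) < 1){
        send_error_xml(12);
        exit;
      }
      // Insert the order; data_out stays empty and the status starts as "wait".
      $data_in = time();
      $data_out = "";
      $status = "wait";
      $str = "INSERT INTO coduri (nume, imei, marca, model, companie, data_in, data_out, cost, status) VALUES ('$nume','$imei','$marca','$model','$companie','$data_in','$data_out','$cost','$status')";
      $result = mysql_query($str,$id_connect);
      if(!$result){
        // Capture the error before the refund query overwrites it.
        $db_error = mysql_error($id_connect);
        // The order was not stored, so give the credit back.
        $str = "UPDATE clienti SET cr_consumat=cr_consumat-$cost, cr_ramas=cr_ramas+$cost WHERE nume='$nume'";
        mysql_query($str,$id_connect);
        // NOTE(review): this sends the raw database error text to the client
        // where the other call sites pass a numeric code; log it server-side
        // and return a generic code once one is defined.
        send_error_xml($db_error);
        exit;
      }
      // Notify the administrator by e-mail.
      if(isset($_POST['spec_code'])){
        // NOTE(review): spec_code is forwarded exactly as received; verify
        // that send_mail_to_admin() strips CR/LF and escapes it for the mail body.
        $spec_code = $_POST['spec_code'];
        send_mail_to_admin($imei,$nume,$marca,$model,$companie,$spec_code);
      }else{
        send_mail_to_admin($imei,$nume,$marca,$model,$companie);
      }
      // Return the new remaining credit to the client.
      $cr_ramas-=$cost;
      $continut = "<row cr_ramas=\"$cr_ramas\" />";
      build_xml_packet(9,$continut);
  }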
//########################################################################
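    if($op=="update_client_data"){
      // String expected. Updates the logged-in client's password, e-mail and
      // phone, then echoes the stored values back.
      //
      // Each error response is followed by exit so the UPDATE below is never
      // reached if send_error_xml() happens to return.
      if($nume == "test"){
        // The "test" account may not change its data.
        send_error_xml(22);
        exit;
      }
      $mail_raw = isset($_POST['mail']) ? (string)$_POST['mail'] : '';
      // Validate the address as submitted, before SQL escaping adds backslashes.
      if(!checkEmail($mail_raw)){
        send_error_xml(15);
        exit;
      }
      $mail = mysql_real_escape_string($mail_raw);
      // NOTE(review): the password is stored and returned in clear text, and
      // can be changed without supplying the current one. Prefer a salted
      // password hash and a re-authentication step.
      $parola = mysql_real_escape_string(isset($_POST['parola']) ? $_POST['parola'] : '');
      $phone = mysql_real_escape_string(isset($_POST['phone']) ? $_POST['phone'] : '');
      $str = "UPDATE clienti SET parola='$parola', mail='$mail', phone='$phone' WHERE nume='$nume'";
      mysql_query($str,$id_connect);
      // Return the values as they are now stored.
      $str = "SELECT parola, mail, phone FROM clienti WHERE nume='$nume'";
      $result = mysql_query($str,$id_connect);
      $value = $result ? mysql_fetch_assoc($result) : false;
      $attrs = array(
        'parola' => $value ? $value['parola'] : '',
        'mail' => $value ? $value['mail'] : '',
        'phone' => $value ? $value['phone'] : '',
      );
      // $continut is assigned here (the original appended to an undefined
      // variable). The values are client-supplied, so each is escaped for an
      // XML attribute; 'ISO-8859-1' keeps the escaping byte-transparent.
      $continut = "<row";
      foreach($attrs as $attr_name => $attr_value){
        $continut .= " ".$attr_name."=\"".htmlspecialchars($attr_value, ENT_QUOTES, 'ISO-8859-1')."\"";
      }
      $continut .= " />";
      build_xml_packet(9,$continut);
    }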
//#########################################################################
  }else{
    send_error_xml(8);
  }	
}else{
  send_error_xml(2);
}
?>
